Zurück zur CVE-Übersicht
CVE-2026-44936
MEDIUM(5.0)CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Risk Signal Score23/100 — NIEDRIG
- CVSS 5 — Mittel
- Weniger als 24 Stunden alt
Beschreibung
Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials.
GitHub Advisories
GHSA-hx4v-cxpf-vh8mMEDIUM
Rancher Fleet has SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml
go/github.com/rancher/fleet→ 0.15.2
GitHub Advisory